Hi all,
Not sure if this forum is more for programming or front-end issues. Anyway, I'll try my luck here. Basically, I'm looking for any recommended articles on secure PHP and server-side programming in general...best practices, preventing global variables, SQL injects, etc....I'm doing my own research, but always enjoy your thoughts....
Thanks!

At the risk of sounding obvious, you may want to read the PHP Manual section on security.
Personally, after learning about the security risks, I never turn on register_globals. I access all data through the superglobals ($_POST, $_GET, etc.).
Another often overlooked security issue is that of simply keeping your code secret...It's a lot tougher to break if they can't read it to find its vulnerabilities. That is discussed on the page linked above.
-SN
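
An added illustration of the register_globals point in the reply above (not code from the thread or from the PHP manual): the first function emulates register_globals with `extract()`, so a request parameter can pre-set an uninitialized flag, while the second initializes its state and reads only the named fields. The function names, the `authorized` flag, the credentials and the sample request are all constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample request: a wrong password plus an extra parameter
// named after an internal variable. In a real script this is $_POST.
$request = ['user' => 'guest', 'password' => 'wrong', 'authorized' => '1'];

// Hypothetical credential check standing in for a real user lookup.
function check_login(string $user, string $password): bool
{
    return $user === 'admin' && hash_equals('s3cret-example', $password);
}

// Emulates register_globals: every request key becomes a local variable.
function is_authorized_globals_style(array $request): bool
{
    extract($request); // what register_globals did implicitly
    if (check_login($user ?? '', $password ?? '')) {
        $authorized = true;
    }
    // $authorized was never initialized here, so a value supplied in the
    // request survives the failed login and is treated as trusted state.
    return !empty($authorized);
}

// Superglobal style: initialize state, read only the fields you expect.
function is_authorized_explicit(array $post): bool
{
    $authorized = false;
    $user = is_string($post['user'] ?? null) ? $post['user'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (check_login($user, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Same request, two outcomes: the first call accepts it, the second rejects it.
var_dump(is_authorized_globals_style($request));
var_dump(is_authorized_explicit($request));
```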

Thanks....good read. The Zend site had some nice articles too.

When you work in PHP, what are your most pressing security concerns? Global vars? SQL injects? Command-line execution? Not putting "secure" information in the clear URL? Am I missing anything?

SN...you should know by now....nothing is obvious to me! lol....thanks!

"When you work in PHP, what are your most pressing security concerns?"
Implement security below the application level whenever possible. The other obvious ones are:
- only allow functions to be used the way you intended or not at all
- don't trust user input
- don't trust any input
- keep permissions data separate from code and other data
- patch your software
- test every configuration setting or assume it doesn't work (and then test it or disable it)
